March 2024 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2228050] New: CVE-2023-3817 openssl3: OpenSSL: Excessive time spent checking DH q parameter value [epel-all]
by bugzilla＠redhat.com 30 Apr '24

30 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2228050 Bug ID: 2228050 Summary: CVE-2023-3817 openssl3: OpenSSL: Excessive time spent checking DH q parameter value [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2227852 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2228050 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2223821] New: TRIAGE-CVE-2023-2975 openssl3: openSSL: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries [epel-8]
by bugzilla＠redhat.com 30 Apr '24

30 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2223821 Bug ID: 2223821 Summary: TRIAGE-CVE-2023-2975 openssl3: openSSL: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2223016 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2223821 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2211109] New: CVE-2023-2650 openssl3: openssl: Possible DoS translating ASN.1 object identifiers [epel-8]
by bugzilla＠redhat.com 30 Apr '24

30 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2211109 Bug ID: 2211109 Summary: CVE-2023-2650 openssl3: openssl: Possible DoS translating ASN.1 object identifiers [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2207947 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2211109

1 6

[Bug 2188526] New: CVE-2023-1255 openssl3: openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM [epel-8]
by bugzilla＠redhat.com 30 Apr '24

30 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2188526 Bug ID: 2188526 Summary: CVE-2023-1255 openssl3: openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2188461 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2188526

1 6

[Bug 2182602] New: CVE-2023-0466 openssl3: openssl: Certificate policy check not enabled [epel-8]
by bugzilla＠redhat.com 30 Apr '24

30 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2182602 Bug ID: 2182602 Summary: CVE-2023-0466 openssl3: openssl: Certificate policy check not enabled [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: trathi(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2182565 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2182602

1 6

[Bug 2182590] New: CVE-2023-0465 openssl3: openssl: Invalid certificate policies in leaf certificates are silently ignored [epel-8]
by bugzilla＠redhat.com 30 Apr '24

30 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2182590 Bug ID: 2182590 Summary: CVE-2023-0465 openssl3: openssl: Invalid certificate policies in leaf certificates are silently ignored [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: trathi(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2182561 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2182590

1 6

[Bug 2258263] New: spdlog-1.13.0 is available
by bugzilla＠redhat.com 30 Apr '24

30 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2258263 Bug ID: 2258263 Summary: spdlog-1.13.0 is available Product: Fedora Version: rawhide Status: NEW Component: spdlog Keywords: FutureFeature, Triaged Assignee: vitaly(a)easycoding.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, logans(a)cottsay.net, thunderbirdtr(a)fedoraproject.org, vitaly(a)easycoding.org Target Milestone: --- Classification: Fedora Releases retrieved: 1.13.0 Upstream release that is considered latest: 1.13.0 Current version/release in rawhide: 1.12.0-2.fc39 URL: https://github.com/gabime/spdlog/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/15599/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/spdlog -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2258263 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 2

[Bug 2271766] New: kyua: please provide epel9 package
by bugzilla＠redhat.com 29 Apr '24

29 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2271766 Bug ID: 2271766 Summary: kyua: please provide epel9 package Product: Fedora Version: rawhide OS: Linux Status: NEW Component: kyua Severity: medium Assignee: jonathan(a)almalinux.org Reporter: denis(a)fateyev.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org Target Milestone: --- Classification: Fedora Description of problem: Please provide "kyua" package in EPEL9. Bug has been opened against rawhide, since there were no "kyua" packages in EPEL earlier. Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2271766 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 7

[Bug 2268572] New: kyua: create epel{7,8,9} builds
by bugzilla＠redhat.com 29 Apr '24

29 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2268572 Bug ID: 2268572 Summary: kyua: create epel{7,8,9} builds Product: Fedora Version: rawhide URL: https://copr.fedorainfracloud.org/coprs/pemensik/atf/ OS: Linux Status: NEW Component: kyua Keywords: RFE Severity: medium Assignee: jonathan(a)almalinux.org Reporter: pemensik(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org Target Milestone: --- Classification: Fedora I have made my copr pemensik/atf with atf at [1]. I would like to have easier way to install kyua and its dependencies, which are atf and lutok. I am aware those tools are basically with dead upstream. I sometime want to test bind 9.16 or older with unit tests. I had to fiddle somehow to make also s390x builds. It would be simpler if I could do that directly on epel branches. Only few minor changes are needed for building them for rhel7 and rhel8. We had internal kyua builds, but those seem to be untagged even from internal buildroot. It would be phased out anyway, but if there are few things to keep them still compiled, it would help me. CentOS builds would stay still for some time. Sources moved to: - https://github.com/freebsd/atf - https://github.com/freebsd/lutok - https://github.com/freebsd/kyua While very little activity is there, still a tiny bit better that none. I would be willing to do simple fixes either to epel or fedora, if my time allows that. Could you please make branches and add me as epel assignee with commit rights? Some of my changes are at my fork [2]. 1. https://copr.fedorainfracloud.org/coprs/pemensik/atf/ 2. https://src.fedoraproject.org/fork/pemensik/rpms/atf Reproducible: Always Steps to Reproduce: 1. Use CentOS any version 2. dnf install kyua 3. Actual Results: # dnf list kyua\* --disablerepo=copr:copr.fedorainfracloud.org:pemensik:atf --enablerepo=epel --available Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. Last metadata expiration check: 2:07:22 ago on Fri 08 Mar 2024 04:07:11 AM EST. Error: No matching Packages to list Expected Results: # dnf list kyua\* --enablerepo=epel --available Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. Last metadata expiration check: 2:07:40 ago on Fri 08 Mar 2024 04:07:11 AM EST. Available Packages kyua.src 0.13-15.el9 copr:copr.fedorainfracloud.org:pemensik:atf kyua-debuginfo.s390x 0.13-15.el9 copr:copr.fedorainfracloud.org:pemensik:atf kyua-debugsource.s390x 0.13-15.el9 copr:copr.fedorainfracloud.org:pemensik:atf kyua-tests.s390x 0.13-15.el9 copr:copr.fedorainfracloud.org:pemensik:atf kyua-tests-debuginfo.s390x 0.13-15.el9 copr:copr.fedorainfracloud.org:pemensik:atf but with epel repos Depends on bug #2268570 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2268572 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 9

[Bug 2269314] New: sedutil-1.49 is available
by bugzilla＠redhat.com 29 Apr '24

29 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2269314 Bug ID: 2269314 Summary: sedutil-1.49 is available Product: Fedora Version: rawhide Status: NEW Component: sedutil Keywords: FutureFeature, Triaged Assignee: cra(a)fea.st Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: cra(a)fea.st, epel-packagers-sig(a)lists.fedoraproject.org, filbranden(a)gmail.com Target Milestone: --- Classification: Fedora Releases retrieved: 1.49 Upstream release that is considered latest: 1.49 Current version/release in rawhide: 1.20.0-6.fc40 URL: https://github.com/Drive-Trust-Alliance/sedutil/wiki Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/15203/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/sedutil -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2269314 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 7

2024

2023

2022

2021

Epel-packagers-sig March 2024